Published: Wed, April 04, 2018
Money | By Ethel Goodwin

Panera warns of online data breach

Until Monday, the bakery chain, which has more than 2,100 units, was silent on the issue. Houlihan had noticed a huge bank of enumerable data that a hacker could easily crawl through, mining for customer information. "Panera Bread uses sequential integers for account IDs," Houlihan told KrebsOnSecurity, "which means that if your goal is to gather as much information as you can instead about someone, you can simply increment through the accounts and collect as much as you'd like, up to and including the entire database." It's not clear whether anyone actually accessed any of the data, which was supplied by customers who had made accounts for food delivery and other services.
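The enumeration Houlihan describes leaves a recognizable trace in access logs: a single client requesting account IDs in ascending order. The detection sketch below is an added example, not code from the article or from Panera; the log format, the `/api/accounts/<id>` path and the run threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log format "<client_ip> GET <path> <status>"; the path is hypothetical.
LINE_RE = re.compile(r"^(\S+) GET /api/accounts/(\d+) (\d{3})$")

# Constructed sample log lines (documentation IP ranges, made-up account IDs).
SAMPLE_LOG = """\
203.0.113.7 GET /api/accounts/1000 200
203.0.113.7 GET /api/accounts/1001 200
203.0.113.7 GET /api/accounts/1002 200
203.0.113.7 GET /api/accounts/1003 404
203.0.113.7 GET /api/accounts/1004 200
203.0.113.7 GET /api/accounts/1005 200
198.51.100.20 GET /api/accounts/48213 200
198.51.100.20 GET /api/accounts/48213 200
198.51.100.20 GET /api/orders/77 200
192.0.2.44 GET /api/accounts/9 200
""".splitlines()

def longest_sequential_run(ids):
    """Longest run in which each requested ID is the previous one plus 1."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        if cur == prev:          # a retry of the same ID does not break a run
            continue
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def find_enumerators(lines, min_run=5):
    """Flag clients whose account-ID requests increment for at least min_run steps."""
    ids_by_client = defaultdict(list)
    served = defaultdict(int)    # responses that actually returned a record
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue             # other endpoints are out of scope here
        client, account_id, status = m.group(1), int(m.group(2)), m.group(3)
        ids_by_client[client].append(account_id)
        served[client] += 1 if status == "200" else 0
    flagged = {}
    for client, ids in ids_by_client.items():
        run = longest_sequential_run(ids)
        if run >= min_run:
            flagged[client] = {"run": run, "distinct": len(set(ids)), "served": served[client]}
    return flagged

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Detection of this kind complements the actual fix, which is a server-side check on every request that the authenticated user is allowed to read the requested account.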

Houlihan, tired of being ignored by Panera's security team, posted about Panera's unpalatable security on Medium, alongside screenshots of email correspondence with Panera Bread's information security director, Mike Gustavison. Despite Houlihan continuing to follow up, a resolution was not reached, and the website was not taken down for security reasons until this week.

The security news website KrebsOnSecurity first reported the data leak. Panera's website has since returned, and the data is no longer reachable. A subsequent post by Krebs brought more attention to the problem.

'Our investigation to date indicates that fewer than 10,000 consumers have been potentially affected by this issue, and we are working diligently to finalize our investigation and take the appropriate next steps'.

A data breach exposed Panera Bread customer records, FOX Business reports, and the company said it has fixed the security flaw on its website.

Another day, another possible data breach. In fact, as KrebsOnSecurity pointed out, the vulnerabilities also appear to have extended to Panera's commercial division, which serves catering outlets.

The data breach comes days after Under Armour said a flaw in its MyFitnessPal app exposed the data of roughly 150 million users.
